PT-2024-7343 · Cisco · Cisco Ata 190 Series Analog Telephone Adapter
Zack Sanchez
·
Published
2024-10-16
·
Updated
2024-10-22
·
CVE-2024-20458
CVSS v2.0
8.5
High
| Vector | AV:N/AC:L/Au:N/C:N/I:C/A:P |
Name of the Vulnerable Software and Affected Versions:
Cisco ATA 190 Series Analog Telephone Adapter firmware (affected versions not specified)
Description:
A vulnerability in the web-based management interface of the Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication on specific HTTP endpoints. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view or delete the configuration or change the firmware.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Authentication
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Ata 190 Series Analog Telephone Adapter